Lucene search
K

3025 matches found

Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.31 views

FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)

A SquirrelMail Security Advisory reports : SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue i...

7.5CVSS5AI score0.02818EPSS
Exploits0References9
CVE
CVE
added 2005/07/10 4:0 a.m.49 views

CVE-2004-2211

CVE-2004-2211 describes a cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0. The flaw allows remote attackers to inject arbitrary scripts/HTML through multiple input vectors: forum_id, method, and forum_title in post.asp; forum_title in forum.asp; and id in post.asp. The cited ref...

4.3CVSS5.9AI score0.01382EPSS
Exploits1References6Affected Software1
Exploit DB
Exploit DB
added 2005/07/01 12:0 a.m.209 views

XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection

tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc drupal exploit, but James sais xoop...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/07/01 12:0 a.m.27 views

XML-RPC Library 1.3.0 - xmlrpc.php Remote Code Injection

XML-RPC Library 1.3.0 - xmlrpc.php Remote Code Injection tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research...

0.3AI score
Exploits0
0day.today
0day.today
added 2005/07/01 12:0 a.m.91 views

XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit

Exploit for unknown platform in category web applications =================================================================== XML-RPC Library \n"; print "special chars allowed are / and - \n\n"; read command line options my $options = GetOptions general options 'host=s' = $host, input host to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2005/07/01 12:0 a.m.31 views

XML-RPC Library &lt;= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit

No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/01 12:0 a.m.259 views

Serendipity XML-RPC for PHP Remote Code Injection

The version of Serendipity installed on the remote host is prone to remote code execution due to a failure of its bundled XML-RPC library to sanitize user-supplied input to the 'serendipityxmlrpc.php' script. This flaw may allow attackers to execute code remotely subject to the privileges of the...

7.5CVSS6.2AI score0.79071EPSS
Exploits5References4
Symantec
Symantec
added 2005/06/29 12:0 a.m.119 views

XML-RPC for PHP Remote Code Injection Vulnerability

Description XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...

8.1AI score
Exploits0References29Affected Software47
CVE
CVE
added 2005/06/28 4:0 a.m.57 views

CVE-2002-1954

CVE-2002-1954 is an XSS in the PHP 4.2.3 phpinfo function. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the query string argument, demonstrated using soinfo.php. Affected software: PHP 4.2.3; vulnerable component: phpinfo output handling. Root cause: unsani...

4.3CVSS6AI score0.11853EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.23 views

CVE-2002-1965

Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...

5.7AI score0.01733EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.23 views

CVE-2002-1802

Cross-site scripting XSS vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news...

5.7AI score0.01724EPSS
Exploits1References4
CVE
CVE
added 2005/06/21 4:0 a.m.45 views

CVE-2002-1732

Actinic Catalog 4.7.0 is affected by multiple XSS vulnerabilities (CVE-2002-1732). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) query string arguments to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) the PRODREF parameter to ss000007.pl, or ...

4.3CVSS6AI score0.0137EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2005/06/01 4:0 a.m.46 views

CVE-2005-1811

Technical details for CVE-2005-1811 are not publicly available in the provided documents. Monitor for updates.

4.3CVSS6AI score0.0127EPSS
Exploits1References4Affected Software1
FreeBSD
FreeBSD
added 2005/05/27 12:0 a.m.57 views

postnuke -- multiple vulnerabilities

Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...

7.5CVSS7.2AI score0.79071EPSS
Exploits6References4
Exploit DB
Exploit DB
added 2005/05/26 12:0 a.m.27 views

Maxwebportal 1.36 - &#039;Password.asp&#039; Change Password (1) (HTML)

-----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0, 20050418 Next: -----------------Code Start-----Version 1.36, 2.0, 20050418 Next-------------- pass1: pass2: Id: Member Key:...

7.4AI score
Exploits0
CVE
CVE
added 2005/05/24 4:0 a.m.52 views

CVE-2005-1695

CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...

2.6CVSS5.8AI score0.01158EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/05/23 12:0 a.m.32 views

PostNuke <= 0.760 RC4a Multiple Vulnerabilities

The remote host is running PostNuke version 0.760 RC4a or older. These versions suffer from several vulnerabilities, among them : - Multiple Remote Code Injection Vulnerabilities An attacker can read arbitrary files on the remote and possibly inject arbitrary PHP code remotely. - SQL Injection...

7.5CVSS6.6AI score0.01686EPSS
Exploits0References10
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.23 views

CVE-2004-1926

Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allows remote attackers to inject arbitrary code via the 1 Theme, 2 Country, 3 Real Name, or 4 Displayed time zone fields in a User Profile, or the 5 Name, 6 Description, 7 URL, or 8 Country fields in a Directory/Add Site operation...

7AI score0.07466EPSS
Exploits3References4
Exploit DB
Exploit DB
added 2005/05/03 12:0 a.m.25 views

osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion of remote code that could be run...

7.4AI score
Exploits0
NVD
NVD
added 2005/05/02 4:0 a.m.16 views

CVE-2005-1181

NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...

7.5CVSS8.1AI score0.02523EPSS
Exploits0References3
Rows per page
Query Builder